Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

OpinionMart Windows Opening, Google Chrome Hijacked?


  • Please log in to reply
7 replies to this topic

#1 caccigirl

caccigirl

  • Members
  • 213 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:33 AM

Posted 21 August 2011 - 08:31 AM

I'll keep this short. I'm running a Sony VAIO laptop with Windows 7. I have had AVG anti-virus free version since the day I got it.

Within the last couple weeks, I've noticed some strange things with my laptop. First, I'd have this installer type window popping up. It'd ask me to select a language for the installation. The strange thing was, in the taskbar / the CTRL+alt+delete program manager, the install program wasn't named or titled. I didn't know what it was trying to install! Every time it came up, which was probably a total of three or four times, I X-ed out of it. It'd freeze for a moment, and then close.

About a week ago, AVG was doing it's daily scan and found a rootkit within Google Chrome, the main browser I use. It said it wasn't removed, so I went into AVG, and removed it.

And then something else started. I'd be doing my thing, whatever, on Google Chrome. All of the sudden, a new window would open, or the one I was working on would go to some OpinionMart page. It's NOT a pop-up - either a new tab within Google Chrome, or the same tab I was on. I kept thinking I was accidentally clicking an ad or something, but I realized that wasn't it, when I've gotten that page at least three times, and it's pulled up while I was away from the computer.

Also, something new has happened today. I was doing my business, writing an essay in Open Office, with Google Chrome running. I had the following tabs up: Tumblr, Yahoo email, and Google. I switched over to Tumblr, began scrolling down the page, and all of the sudden Google Chrome asks me the usual 'are you sure you want to download this, this type of file can harm your computer' warning you get at the bottom of the window, when you try download something. Thinking I accidentally clicked something, I said no, don't download, but whatever it was starting downloading anyways. I quickly closed the window, but not before getting a look at the title of the download: 9LcankSr.htm

I have scanned with a fully-updated version of Malwarebytes: Anti-Malware, scanned with AVG, and scanned with ESET online scanner. Nothing! But I know something is up, so please help me.

Thank you so much,
Cassidy

EDIT:
I'm not sure if this is the same rootkit that AVG removed, but I was going through my virus vault, and saw this had been removed: PWS-spyeye.env.a

Edited by caccigirl, 21 August 2011 - 08:44 AM.


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:33 AM

Posted 21 August 2011 - 01:33 PM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 caccigirl

caccigirl
  • Topic Starter

  • Members
  • 213 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:33 AM

Posted 21 August 2011 - 09:33 PM

Here is my log from Security Check:
Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG PC Tuneup 2011
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
AVG PC Tuneup 2011
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.3.183.5
Adobe Reader 9.3.2
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````


~~~~~~~~~~~~

Here is my log from MiniToolBox:


MiniToolBox by Farbar
Ran by Cassidy (administrator) on 21-08-2011 at 21:21:35
Windows 7 Home Premium (X64)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : MINE
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® WiMAX 6250
Physical Address. . . . . . . . . : 64-D4-DA-25-B8-8A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® Advanced-N 6250 AGN
Physical Address. . . . . . . . . : 64-80-99-0D-06-44
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b998:d380:baf1:e6b4%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.12(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, August 21, 2011 9:12:49 PM
Lease Expires . . . . . . . . . . : Sunday, August 21, 2011 10:12:49 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 301998869
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-03-E9-F4-F0-BF-97-10-0B-DF
DNS Servers . . . . . . . . . . . : 68.113.206.10
24.217.0.5
24.217.201.67
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : F0-BF-97-10-0B-DF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C68CD09A-0B16-4F59-84EF-62E5D37A2BC1}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{CFF0CEEE-8AD9-4681-89FF-01DBE7139538}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{172F2F57-9B13-4095-8ADB-7D63B1ADE604}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:816:319e:9ea2:282c(Preferred)
Link-local IPv6 Address . . . . . : fe80::816:319e:9ea2:282c%16(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: vip01ftwotx.ftwo.tx.charter.com
Address: 68.113.206.10

Name: google.com
Addresses: 74.125.73.103
74.125.73.105
74.125.73.99
74.125.73.104
74.125.73.147
74.125.73.106


Pinging google.com [74.125.73.104] with 32 bytes of data:
Reply from 74.125.73.104: bytes=32 time=96ms TTL=52
Reply from 74.125.73.104: bytes=32 time=19ms TTL=52

Ping statistics for 74.125.73.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 96ms, Average = 57ms
Server: vip01ftwotx.ftwo.tx.charter.com
Address: 68.113.206.10

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=13ms TTL=54
Reply from 209.191.122.70: bytes=32 time=15ms TTL=54

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 13ms, Maximum = 15ms, Average = 14ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...64 d4 da 25 b8 8a ......Intel® Centrino® WiMAX 6250
12...64 80 99 0d 06 44 ......Intel® Centrino® Advanced-N 6250 AGN
11...f0 bf 97 10 0b df ......Marvell Yukon 88E8059 PCI-E Gigabit Ethernet Controller
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.12 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.12 281
192.168.0.12 255.255.255.255 On-link 192.168.0.12 281
192.168.0.255 255.255.255.255 On-link 192.168.0.12 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.12 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.12 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
16 58 ::/0 On-link
1 306 ::1/128 On-link
16 58 2001::/32 On-link
16 306 2001:0:4137:9e76:816:319e:9ea2:282c/128
On-link
12 281 fe80::/64 On-link
16 306 fe80::/64 On-link
16 306 fe80::816:319e:9ea2:282c/128
On-link
12 281 fe80::b998:d380:baf1:e6b4/128
On-link
1 306 ff00::/8 On-link
16 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/21/2011 09:12:49 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (08/21/2011 09:12:49 PM) (Source: Bonjour Service) (User: )
Description: SetNextQueryTime: Lock not held! mDNS_busy (2) mDNS_reentrancy (0)

Error: (08/21/2011 09:12:49 PM) (Source: Bonjour Service) (User: )
Description: SetNextQueryTime: Lock not held! mDNS_busy (2) mDNS_reentrancy (0)

Error: (08/21/2011 09:12:49 PM) (Source: Bonjour Service) (User: )
Description: SetNextQueryTime: Lock not held! mDNS_busy (2) mDNS_reentrancy (0)

Error: (08/21/2011 09:12:49 PM) (Source: Bonjour Service) (User: )
Description: SetNextQueryTime: Lock not held! mDNS_busy (2) mDNS_reentrancy (0)

Error: (08/21/2011 09:12:49 PM) (Source: Bonjour Service) (User: )
Description: SetNextQueryTime: Lock not held! mDNS_busy (2) mDNS_reentrancy (0)

Error: (08/21/2011 09:12:49 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (08/20/2011 11:56:42 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (08/20/2011 10:31:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1069107

Error: (08/20/2011 10:31:49 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1069107


System errors:
=============
Error: (08/21/2011 09:56:26 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (08/18/2011 04:48:06 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{C68CD09A-0B16-4F59-84EF-62E5D37A2BC1} because another computer on the network has the same name. The server could not start.

Error: (08/14/2011 06:00:42 PM) (Source: Service Control Manager) (User: )
Description: The Intel® Management & Security Application User Notification Service service failed to start due to the following error:
%%1053

Error: (08/14/2011 06:00:42 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel® Management & Security Application User Notification Service service to connect.

Error: (08/14/2011 10:33:10 AM) (Source: Service Control Manager) (User: )
Description: The Software Protection service failed to start due to the following error:
%%1053

Error: (08/14/2011 10:33:10 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

Error: (08/14/2011 09:33:09 AM) (Source: Service Control Manager) (User: )
Description: The VAIO Care Performance Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/13/2011 11:58:00 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

Error: (08/13/2011 01:11:30 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (08/04/2011 10:39:57 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:37:50 AM on ?8/?4/?2011 was unexpected.


Microsoft Office Sessions:
=========================
Error: (08/21/2011 09:12:49 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (08/21/2011 09:12:49 PM) (Source: Bonjour Service)(User: )
Description: SetNextQueryTime: Lock not held! mDNS_busy (2) mDNS_reentrancy (0)

Error: (08/21/2011 09:12:49 PM) (Source: Bonjour Service)(User: )
Description: SetNextQueryTime: Lock not held! mDNS_busy (2) mDNS_reentrancy (0)

Error: (08/21/2011 09:12:49 PM) (Source: Bonjour Service)(User: )
Description: SetNextQueryTime: Lock not held! mDNS_busy (2) mDNS_reentrancy (0)

Error: (08/21/2011 09:12:49 PM) (Source: Bonjour Service)(User: )
Description: SetNextQueryTime: Lock not held! mDNS_busy (2) mDNS_reentrancy (0)

Error: (08/21/2011 09:12:49 PM) (Source: Bonjour Service)(User: )
Description: SetNextQueryTime: Lock not held! mDNS_busy (2) mDNS_reentrancy (0)

Error: (08/21/2011 09:12:49 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Lock locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (08/20/2011 11:56:42 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Cassidy\Downloads\esetsmartinstaller_enu (1).exe

Error: (08/20/2011 10:31:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1069107

Error: (08/20/2011 10:31:49 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1069107


=========================== Installed Programs ============================

(Version: 1.0.0.05280)
(Version: 1.1.0.02250)
(Version: 3.0.0.05310)
(Version: 4.3.0.05310)
(Version: 5.2.0.06210)
(Version: 5.3.0.05310)
(Version: 5.3.0.07231)
Adobe Flash Player 10 ActiveX (Version: 10.1.53.64)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Reader 9.3.2 (Version: 9.3.2)
Alps Pointing-device for VAIO
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Application Manager for VAIO
ArcSoft WebCam Companion 3 (Version: 3.0.21.390)
AVG 2011 (Version: 10.0.1392)
AVG 2011 (Version: 10.0.1520)
AVG PC Tuneup 2011 (Version: 10.0.0.26)
Best Buy pc app (Version: 3.0.0.0)
Bonjour (Version: 2.0.5.0)
D3DX10 (Version: 15.4.2368.0902)
ESET Online Scanner v3
Intel PROSet Wireless
Intel WiMAX Tutorial (Version: 1.5.3.1)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2119)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® PROSet/Wireless WiFi Software (Version: 13.02.1000)
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
Intel® Turbo Boost Technology Driver (Version: 01.02.00.1002)
Intel® Wireless Display (Version: 1.2.20.0)
Intel® PROSet/Wireless WiMAX Software (Version: 2.03.0005)
iTunes (Version: 10.3.1.55)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Java™ 6 Update 26 (Version: 6.0.260)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
Media Gallery (Version: 1.3.0)
Media Gallery (Version: 1.3.0.11220)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 5.0.1 (x86 en-US) (Version: 5.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nancy Drew: Trail of the Twister (Version: 1.0.0)
Oasis2Service 1.0 (Version: 1.0.0)
OOBE (Version: 3.20.1018)
OpenOffice.org 3.3 (Version: 3.3.9567)
Origin (Version: 8.2.1.458)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PMB (Version: 5.5.00.11260)
PMB VAIO Edition Plug-in (Version: 1.4.00.09190)
PMB VAIO Edition Plug-in (Version: 1.4.01.11290)
QuickTime (Version: 7.69.80.9)
Realtek High Definition Audio Driver (Version: 6.0.1.6098)
Remote Play with PlayStation 3 (Version: 1.0.2.06210)
Remote Play with PlayStation®3 (Version: 1.0.2.06210)
Safari (Version: 5.34.50.0)
Skype Toolbars (Version: 5.3.7280)
Skype™ 5.3 (Version: 5.3.116)
The Sims™ 3 (Version: 1.24.3)
The Sims™ 3 Ambitions (Version: 4.10.1)
The Sims™ 3 Generations (Version: 8.0.152)
The Sims™ 3 Late Night (Version: 6.0.81)
The Sims™ 3 World Adventures (Version: 2.0.86)
VAIO - Media Gallery (Version: 1.3.0.11220)
VAIO - PMB VAIO Edition Guide (Version: 1.4.00.10090)
VAIO - PMB VAIO Edition Plug-in (Version: 1.4.01.11300)
VAIO Care (Version: 6.2.2.07150)
VAIO Control Center (Version: 4.3.0.05310)
VAIO Data Restore Tool (Version: 1.4.0.05240)
VAIO Gate (Version: 2.2.0.06080)
VAIO Gate Default (Version: 2.2.0.07020)
VAIO Hardware Diagnostics (Version: 4.0.0.06230)
VAIO Help and Support (Version: 12.00.0622)
VAIO Manual (Version: 1.1.0.05280)
VAIO Media plus (Version: 2.1.0)
VAIO Media plus (Version: 2.1.0.18210)
VAIO Media plus Opening Movie (Version: 2.1.0.14080)
VAIO Messenger (Version: 2.0.202.0)
VAIO Quick Web Access (Version: 1.3.4.7)
VAIO Sample Contents (Version: 1.2.0.16080)
VAIO Smart Network (Version: 3.3.0.06080)
VAIO Survey (Version: 6.00.1028)
VAIO Transfer Support (Version: 1.2.0.06230)
VAIO Update (Version: 5.4.1.04200)
VAIO Wireless Wizard (Version: 3.0.0.06230)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinRAR 4.01 (64-bit) (Version: 4.01.0)

========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 3758.1 MB
Available physical RAM: 1826.47 MB
Total Pagefile: 7514.34 MB
Available Pagefile: 4860.91 MB
Total Virtual: 4095.88 MB
Available Virtual: 3984.02 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:455.31 GB) (Free:392.2 GB) NTFS

========================= Users: ========================================

User accounts for \\MINE

Administrator Cassidy Guest


**** End of log ****


~~~~~~~~~~~~

I do not have an MBAM log, because the scan came out clean. It didn't provide me with a log.

~~~~~~~~~~~~

I will post my GMER log in a few minutes, since I have to close all running programs.

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:33 AM

Posted 21 August 2011 - 10:03 PM

OK....

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#5 caccigirl

caccigirl
  • Topic Starter

  • Members
  • 213 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:33 AM

Posted 21 August 2011 - 10:09 PM

Here is my GMER log:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-21 22:09:16
Windows 6.1.7600
Running: 2jygxuro.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a27b11
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a27b11 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:33 AM

Posted 21 August 2011 - 10:27 PM

All your logs look perfectly clean.

You need to install Service Pack 1 and...

Update Adobe Reader

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#7 caccigirl

caccigirl
  • Topic Starter

  • Members
  • 213 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:33 AM

Posted 21 August 2011 - 10:31 PM

Are you sure my computer is clean? I was having those strange OpinionMart tabs opening, and files downloading without my permission/without me doing anything. That doesn't seem clean to me?

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:33 AM

Posted 21 August 2011 - 10:37 PM

If it happens in Google Chrome, try to run it in "incognito" mode for a while and see what happens: http://googlesystem.blogspot.com/2010/02/google-chrome-safe-mode.html
Possibly one of your add-ons is giving you issues.

If you prefer more advanced help...
...you will need help from the malware removal team.
Please make sure that you read the information about getting started first.
Then start a new thread HERE and include or required logs.
Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users